Bridge Protocol Statement on NEP-5 Contract Storage Injection Vulnerability

Dear Bridge Community,

Recently, NEO announced a newly discovered “storage injection vulnerability” that affects some NEP-5 token smart contracts. NEO Global and Red4Sec identified this issue and brought it to our engineers’ attention. IAM tokens fall into the category of minimal risk. This means that a bad-actor could potentially spend IAM tokens to increase reported variable TotalSupply, but this wouldn’t cause an increase in the actual IAM supply. We consider this a low threat for our company.

1) The bad-actor would have to spend IAM, but would not receive any benefit in return. No IAM tokens would be accrued, rather the tokens spent to try the bad act would be “burned.”

Our team wants to reiterate, all IAM tokens are safe. No wallets or transactions are impacted and users can transact and hold IAM tokens without fear. Our team and admins are on Telegram, Discord and Reddit to answer any of your questions.

Thanks for being an early supporter of Bridge. We continue to work with banks, regulators and attorneys to bring the first KYC compliant-ready digital identity platform.

Thank you,

Stephen, CEO of Bridge Protocol